Содержание
OpenVPN Support Forum
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
OpenVPN and ubuntu — no internet access
Post by minghags » Mon Mar 03, 2014 8:09 am
Im trying to setup OpenVPN on Ubuntu and I can’t get internet access when I connect. Only local ip of server is reachable (10.8.0.1) Please Help.
port 1194 proto udp dev tun ca ca.crt cert server.crt key server.key # This file should be kept secret dh dh1024.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 push "redirect-gateway def1"client dev tun proto udp remote my-server-1 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key ns-cert-type server comp-lzo verb 3 root@server:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED AS0_ACCEPT all -- anywhere anywhere AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000 AS0_ACCEPT udp -- anywhere server state NEW udp dpt:openvpn AS0_ACCEPT tcp -- anywhere server state NEW tcp dpt:https AS0_WEBACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED AS0_WEBACCEPT tcp -- anywhere server state NEW tcp dpt:943 Chain FORWARD (policy ACCEPT) target prot opt source destination AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000 AS0_OUT_S2C all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- 10.8.0.0/24 anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT) target prot opt source destination AS0_OUT_LOCAL all -- anywhere anywhere Chain AS0_ACCEPT (5 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain AS0_IN (4 references) target prot opt source destination ACCEPT all -- anywhere 5.5.0.1 ACCEPT all -- anywhere localnet/24 AS0_IN_POST all -- anywhere anywhere Chain AS0_IN_POST (1 references) target prot opt source destination AS0_OUT all -- anywhere anywhere DROP all -- anywhere anywhere Chain AS0_IN_PRE (2 references) target prot opt source destination AS0_IN all -- anywhere 5.5.0.0/20 AS0_IN all -- anywhere 192.168.0.0/16 AS0_IN all -- anywhere 172.16.0.0/12 AS0_IN all -- anywhere 10.0.0.0/8 ACCEPT all -- anywhere anywhere Chain AS0_OUT (2 references) target prot opt source destination DROP all -- anywhere anywhere Chain AS0_OUT_LOCAL (1 references) target prot opt source destination DROP icmp -- anywhere anywhere icmp redirect ACCEPT all -- anywhere anywhere Chain AS0_OUT_S2C (1 references) target prot opt source destination AS0_OUT all -- anywhere anywhere Chain AS0_WEBACCEPT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere # Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1 root@server:~# ifconfig as0t0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:5.5.0.1 P-t-P:5.5.0.1 Mask:255.255.248.0 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:200 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) eth0 Link encap:Ethernet HWaddr 00:01:6c:2d:be:00 inet addr:192.168.1.5 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::201:6cff:fe2d:be00/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:28831661 errors:0 dropped:65539 overruns:0 frame:0 TX packets:25344300 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:27763144851 (27.7 GB) TX bytes:19771050493 (19.7 GB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:744868 errors:0 dropped:0 overruns:0 frame:0 TX packets:744868 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:208557442 (208.5 MB) TX bytes:208557442 (208.5 MB) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:5608 errors:0 dropped:0 overruns:0 frame:0 TX packets:5892 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:1018432 (1.0 MB) TX bytes:4512967 (4.5 MB) root@server:~# ifconfig as0t0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:5.5.0.1 P-t-P:5.5.0.1 Mask:255.255.248.0 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:200 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) eth0 Link encap:Ethernet HWaddr 00:01:6c:2d:be:00 inet addr:192.168.1.5 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::201:6cff:fe2d:be00/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:28833221 errors:0 dropped:65539 overruns:0 frame:0 TX packets:25345463 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:27763517926 (27.7 GB) TX bytes:19771192727 (19.7 GB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:744948 errors:0 dropped:0 overruns:0 frame:0 TX packets:744948 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:208569802 (208.5 MB) TX bytes:208569802 (208.5 MB) root@server:~# netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 5.5.0.0 0.0.0.0 255.255.248.0 U 0 0 0 as0t0 10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0 10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 root@server:~# netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 5.5.0.0 0.0.0.0 255.255.248.0 U 0 0 0 as0t0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 if anyone can help please do.
OpenVPN connected but no Internet or LAN
Good evening, I’m facing an issue with my OpenVPN installation. Been at it for 3 days now but still cant figure out what is wrong for the life of me. Basically the issue is that i’m able to connect to my server (ubuntu 14.04 dedicated box) from my client (win 7 pc), but although i’m connected i can NOT access internet and LAN (can’t ping server at 10.0.0.1). I have setup ip forwarding on the server and added iptable rules to the best of my knowledge, as well as setup port forwarding on the router; but still cant manage to get it in working order. All help would be greatly appreciated as i’m still new to openvpn. Thank you all in advance for your precious time. Please find below a copy of my server.conf, client.conf, and iptable rules. Server.conf
dev tun proto udp port 1194 ca /etc/openvpn/ca.crt cert /etc/openvpn/server.crt key /etc/openvpn/server.key dh /etc/openvpn/dh1024.pem user nobody group nogroup server 10.8.0.0 255.255.255.0 persist-key persist-tun client-to-client push "route 192.168.0.0 255.255.255.0" push "redirect-gateway def1" push "dhcp-option DNS 8.8.8.8" log-append /var/log/openvpn plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn client-cert-not-required username-as-common-name management localhost 7505 Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:openvpn Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT all -- 192.168.0.0/24 anywhere ctstate NEW ACCEPT all -- 10.8.0.0/24 anywhere ctstate NEW ACCEPT all -- 10.8.0.0/24 192.168.0.0/24 ctstate NEW Chain OUTPUT (policy ACCEPT) target prot opt source destination client dev tun proto udp remote 196.xxx.xxx.xxx 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt auth-user-pass comp-lzo verb 3